VDB

CVE-2023-23588

CVE-2023-23588 PUBLISHED CVSS 6.199999809265137 MEDIUM

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.

EPSS 0.06% · 19.1th percentile

Risk Scores

CVSS 3.1
6.199999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
0.06%
19.1th percentile

Affected Products

VendorProductVersions
siemenssimatic_ipc847d_firmware
SiemensSIMATIC IPC847D*
SiemensSIMATIC IPC1047EAll versions with maxView Storage Manager < 4.09.00.25611 on Windows
SiemensSIMATIC IPC647DAll versions
SiemensSIMATIC IPC647EAll versions with maxView Storage Manager < 4.09.00.25611 on Windows
microchipmaxview_storage_manager0, 0
SiemensSIMATIC IPC1047All versions
siemenssimatic_ipc1047_firmware
siemenssimatic_ipc647d_firmware
SiemensSIMATIC IPC847EAll versions with maxView Storage Manager < 4.09.00.25611 on Windows

Exploit Intelligence

Timeline

  • Apr 11, 2023 CVE Published
  • Apr 11, 2023 EPSS Score
  • May 19, 2023 EPSS Score
  • Jun 26, 2023 EPSS Score
  • Aug 2, 2023 EPSS Score
  • Sep 9, 2023 EPSS Score
  • Oct 17, 2023 EPSS Score
  • Nov 24, 2023 EPSS Score
  • Dec 31, 2023 EPSS Score
  • Feb 7, 2024 EPSS Score
  • Mar 16, 2024 EPSS Score
  • Apr 23, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›